• COMPREHENSIVE TUTORIAL TO A NEWBIE PLEASE

    5
    0 Votes
    5 Posts
    920 Views
    Derelict
    Ahoy. CAPTAINS must be some sort of translation to EXPERTS, which is also common. Create an alias using the FQDN you want to block, create a pass rule, source the address you want to control, destination that alias, with a schedule for when you want to allow access, followed by a reject rule with the same source/dest without a schedule. Based on the information given that's the best I can do.
  • Production Support At Netgate! Position Now Open!

    Locked
    1
    0 Votes
    1 Posts
    6k Views
    No one has replied
  • Simple port forwarding

    19
    0 Votes
    19 Posts
    6k Views
    T
    @KOM: If anyone knows about port 80, what's wrong, please update. Are you running WebGUI in HTTP mode?… yes sir, running pfsense web gui on http port 80 but trying to forward port 80, no success :( **Why is the destination address on your 8008 port forward not WAN address? @Derelict ok sir I changed it to WAN Address**
  • Outage without any error?

    4
    0 Votes
    4 Posts
    721 Views
    jimp
    In all likelihood there is no problem. It's the graph glitching when a counter wraps around.
  • UK: pfsense + 4G , please recommend 4G device you have gotten to work.

    3
    0 Votes
    3 Posts
    1k Views
    N
    For the benefit of others I wanted to mention my final solution. Turns out that getting a USB attached 4G Mifi/Dongle to work on pfsense is tricky, bordering on a fool's errand. Even if you get it to work there are issues, such as ppp not delivering LTE speeds, and mock-ethernet configurations potentially hanging on boot. Luckily, there is an alternative, without all the headache: Just buy a 4G desktop router: https://www.google.co.uk/search?q=4g+router&source=lnms&tbm=isch and connect it to pfsense with an ethernet cable. Yes, you need to be able to afford it (got a E5186 for £120 off ebay), and yes you need the appropriate number of ethernet ports on your pfsense. But this approach is so much easier than trying to dick around with obscure settings on a very specific MiFi model. It's also easier to troubleshoot as you can manage and reboot each device independently. ;D
  • Tcpdump interfaces

    2
    0 Votes
    2 Posts
    4k Views
    jimp
    It's a limitation of tcpdump on FreeBSD, nothing we can do about that. Even on FreeBSD 11 with the latest tcpdump it does not work.

        root@doctor:~ # /usr/local/sbin/tcpdump -i any
        tcpdump: any: No such device exists
        (BIOCSETIF failed: Device not configured)
        root@doctor:~ # /usr/local/sbin/tcpdump --version
        tcpdump version 4.8.0
        libpcap version 1.8.0
        OpenSSL 1.0.2j-freebsd  26 Sep 2016
        root@doctor:~ # uname -a
        FreeBSD doctor.dw.example.com 11.0-RELEASE-p1 FreeBSD 11.0-RELEASE-p1 #0 r306420: Thu Sep 29 01:43:23 UTC 2016    root@releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64
  • 2.3.1 - 100% CPU Usage - /usr/local/sbin/check_reload_status

    3
    0 Votes
    3 Posts
    2k Views
    jimp
    check_reload_status is a command dispatching daemon. If it's using CPU, it's because it's being given a lot of commands. In other words, it's not causing the problem, you're looking at a symptom. You need to locate the actual cause. Look in all of your logs for any repeating events or other processes that are stopping/starting, for example.
  • Restore freeRadius2 Problem

    7
    0 Votes
    7 Posts
    1k Views
    M
    What do your logs tell you?
  • Need Some Help

    2
    0 Votes
    2 Posts
    542 Views
    L
    Well, I reset the state table (tried this before, didn't seem to work) and cleared all firewall logs, then re-cleared the state table and we seem to be fine. I really need to learn more about pfsense….. I am such a noob which infuriates me :/
  • Blocking spams for hosted zimbra

    2
    0 Votes
    2 Posts
    2k Views
    BBcan177
    Zimbra uses Postfix, so your first step is to use DNSRBLs. Your biggest bang would be to add Spamhaus Zen. You can run the following command to see what restrictions have been configured:

        zmprov gacf | grep zimbraMtaRestriction

    Recommend the following settings:

        zimbraMtaRestriction: reject_invalid_hostname
        zimbraMtaRestriction: reject_non_fqdn_hostname
        zimbraMtaRestriction: reject_non_fqdn_sender
        zimbraMtaRestriction: reject_unknown_client
        zimbraMtaRestriction: reject_unknown_hostname
        zimbraMtaRestriction: reject_unknown_sender_domain
        zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
        zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
        zimbraMtaRestriction: reject_rbl_client b.barracudacentral.org
        zimbraMtaRestriction: reject_rhsbl_client dbl.spamhaus.org
        zimbraMtaRestriction: reject_rhsbl_reverse_client dbl.spamhaus.org
        zimbraMtaRestriction: reject_rhsbl_sender dbl.spamhaus.org

    For pfBlockerNG, I wrote a script to import over 50 Blocklists here: https://forum.pfsense.org/index.php?topic=86212.msg549973#msg549973
    It has a MAIL section which will also help reduce SPAM.
  • Where is the location of the pfsense Certificates

    3
    0 Votes
    3 Posts
    11k Views
    jimp
    They are indeed in /conf/config.xml, they are not stored on the filesystem individually unless a program needs access to them. For example, if a certificate is active in IPsec or in use as an OpenVPN server certificate, it can be found in the configuration directories for those services.
  • Firewall rules -list/page loading time

    2
    0 Votes
    2 Posts
    2k Views
    S
    Please submit your suggestion as a pull request here: https://github.com/pfsense/pfsense/ and the development team will review it for inclusion. At first glance it does look like a worthwhile improvement in cases with a very large number of rules.
  • Deny users who will manually bypass dns provided by dhcp

    11
    0 Votes
    11 Posts
    4k Views
    johnpoz
    So if this user can change their dns, what stops them as mentioned from just using a proxy or for that matter if you want to let them do dns other than your limited restricted version, what stops them from using host names? Seems these so called "restricted" users are using their own hardware or have too many rights on them already if they can alter what dns they point to. Not sure how such a user would be considered restricted? Use of dns like opendns or such that can be used to filter what a user looks up is fine. But not really a way of actually restricting users' access. Can help them not hit malware sites and such for their own good. But not really a good way of preventing them from going to sites "you" do not want them to go to for some reason? If you need such control then you should use a proxy, and only allow the proxy out. Not individual machines.
  • Admin web page stops working

    2
    0 Votes
    2 Posts
    738 Views
    I
    I have an idea. My DHCP scope included the IP address of the pfsense server and therefore someone's mobile was picking up the same address as the pfsense IP address which I assigned as static. It was all my fault. Good stuff.
  • Webproxy

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Advice - 2016-2017 leap second

    2
    0 Votes
    2 Posts
    503 Views
    jimp
    Last time it came up there was nothing special to do at all.
  • Confusion about VLAN placement (LAN, OPT)

    9
    0 Votes
    9 Posts
    4k Views
    jimp
    The warning about mixing tagged and untagged traffic on pfSense was something we said many years ago because it would cause problems with Captive Portal, among other things. There haven't been any pfSense issues with it in years. That said, there could possibly be something about the switch that makes it impractical or undesirable. That's completely up to the switch, however. Given the choice I'd still avoid it, but that isn't always practical.
  • Filter firewall rules by its name or id?

    2
    0 Votes
    2 Posts
    594 Views
    jimp
    No easy way from the GUI, but from the shell (or Diag > Command):

        pfctl -vvsr | grep xxxxxxx

    Where xxxxxxx is the ID or any description text
  • Regular crash reports on my APU2 2.3.2

    4
    0 Votes
    4 Posts
    916 Views
    jimp
    Unfortunately, the panics point to bad hardware, most likely memory:

        db:0:kdb.enter.default>  bt
        Tracing pid 3499 tid 100150 td 0xfffff8006a6834b0
        kdb_enter() at kdb_enter+0x3e/frame 0xfffffe012113f730
        vpanic() at vpanic+0x146/frame 0xfffffe012113f770
        panic() at panic+0x43/frame 0xfffffe012113f7d0
        pmap_remove_pages() at pmap_remove_pages+0x736/frame 0xfffffe012113f8b0
        vmspace_exit() at vmspace_exit+0x9c/frame 0xfffffe012113f8f0
        exit1() at exit1+0x65f/frame 0xfffffe012113f980
        sys_sys_exit() at sys_sys_exit+0xe/frame 0xfffffe012113f990
        amd64_syscall() at amd64_syscall+0x40f/frame 0xfffffe012113fab0
        Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfffffe012113fab0
        --- syscall (1, FreeBSD ELF64, sys_sys_exit), rip = 0x8008fa14a, rsp = 0x7fffffffec48, rbp = 0x7fffffffec60 ---
        panic: bad pte va 8008a2000 pte 0
        cpuid = 1
        KDB: enter: panic

    The crash is in memory manipulation, an area highly unlikely to be a software fault. Furthermore, that panic string indicates a memory location within a page table has spontaneously changed to 0, which wouldn't have happened via software. I checked a couple of the other panics and they were different, but still in random low-level areas that generally point to hardware faults.
  • How To Read Crash Report?

    4
    0 Votes
    4 Posts
    4k Views
    K
    @jimp, Changed RAM 5 days ago. pfSense has not crashed once in the past 5 days so it looks like the problem has been solved. I put the suspect RAM in another computer and it's been running fine since then as well. My guess is that the old RAM is good, but was not seated well. In changing the RAM, I happened to fix the problem by seating the new RAM properly. Thanks for the help jimp.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.